Rules Contributing to Microsoft Entra Bitlocker Key Retrieval Alert
The following rules are used to identify suspicious Microsoft Entra bitlocker key retrieval activity. Any one or more of these will trigger the Microsoft Entra Bitlocker Key Retrieval Alert. Details for each rule can be viewed by clicking the More Details link in the description.
Title |
Description |
||||||||
---|---|---|---|---|---|---|---|---|---|
Bitlocker Key Retrieval |
Monitor and alert for Bitlocker key retrieval. More details
Rule IDQuery{'selection': {'Category': 'KeyManagement', 'OperationName': 'Read BitLocker key'}, 'condition': 'selection'} Log SourceStellar Cyber Microsoft Entra Events configured. Rule SourceSigmaHQ,a0413867-daf3-43dd-9245-734b3a787942 Author: Michael Epping, '@mepples21' Tactics, Techniques, and ProceduresReferences
N/A
Severity50 Suppression Logic Based On
Additional Information
|